From: Damien Miller <djm@mindrot.org>
Subject: Re: Remove privsep vestige
To: Stuart Henderson <stu@spacehopper.org>
Cc: tech@openbsd.org, openssh@openssh.com
Date: Fri, 6 Feb 2026 12:23:17 +1100

On Thu, 5 Feb 2026, Stuart Henderson wrote:

> On 2026/02/05 11:20, Damien Miller wrote:
> > Hi,
> > 
> > This is another vestigial bit of support for the !privsep case in
> > sshd. All direct access to the KbdintDevice should happen in the
> > unprivileged ssh-auth process and should therefore be done by RPC
> > into the privileged monitor. This means using the mm_* functions
> > unconditionally.
> > 
> > Would appreciate if someone who uses BSD authentication (e.g.
> > login_yubikey or login_ldap) could test this.
> 
> Yes, this still works. Tested with totp via login_oath.

Thanks - I'll commit.

-d